Dessie Ellis (Dublin North West, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

14. To ask the Minister for Finance if he will confirm that in relation to the Central Bank’s IT system an engineer (details supplied) making a change to the application server which was not approved by the Central Bank caused a short outage as the server crashed. [41517/13]

Martin Ferris (Kerry North-West Limerick, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

24. To ask the Minister for Finance if he will provide update of the outsourcing of the Central Bank’s IT system; and what steps are being taken to minimise the security risk. [41518/13]

Michael Noonan (Limerick City, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 14 and 24 together.

The Central Bank of Ireland has entered into a contract with HP to provide the physical data centre environment to host the Central Bank’s IT systems and to manage the technical infrastructure aspects of these systems. HP will also provide hosting facilities at a backup data centre for the purposes of business continuity. Both of these data centres are located in Dublin. The Central Bank will remain in control and manage all sensitive systems and data. This new data centre will negate the requirement for the Central bank to build two new data centre environments to replace existing facilities which are at ‘end of life’. It will also enable supplier consolidation for a range of services currently being provided by a diverse group of up to seventeen external suppliers. This is a complex technical project and is made up of a number of phases, sequenced to mitigate risk and to move the key infrastructure as seamlessly as possible. I have been informed by the Central Bank that the project is progressing well and is scheduled for completion by end year.

The incident to which the Deputy refers occurred on 17th September when one of the servers which had recently been migrated to the HP Data Centres became unavailable for a short period. The incident in question was the result of a process failure which has since been identified and rectified as part of the standard transition arrangements. The incident lasted for 15 minutes. The impact was minor and did not impact any business service of the Central Bank.

I have been informed by the Central Bank that its IT systems are operating within expected norms and service levels. Incidents can arise in the normal course of events and these are all investigated for root cause and any necessary remediation taken. This includes root cause that may be attributed to hardware, software, process compliance or human error irrespective of whether internally or externally generated.

The responsibility for operational and security policies at the Central Bank continues to be a matter for the Central Bank Commission and the Governor of the Bank. The security of the technical aspects of the systems will be achieved through a combination of physical and logical protections, procedural and process protections, security features including encryption where necessary and on-going monitoring and reporting features. The steps taken comply with the Central Bank’s internal security policies and those of the ECB and are underpinned by the contractual and legal arrangements with the IT provider.